The EU General Data Protection Regulation (GDPR) will set a new standard for how companies use and protect EU citizens’ data.
Using Salesmate under the GDPR
At Salesmate, we have made all the changes needed to comply with the GDPR, enforcement of which started on May 25th. Here’s an overview of the GDPR and how we are preparing for it:
- We are certified under the EU-U.S. and Swiss-U.S. Privacy Shield, designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data. Click here to view the verified listing.
- All data is encrypted during transit and in storage.
- We perform background checks on employees and provide data security training.
- Only a limited number of employees have access to contacts’ data, and they access it only to respond to your support requests and to make sure every essential functionality is working as expected. Access is revoked quickly if there is no further need.
- Whenever a new feature is released, we run penetration tests against it to make sure there are no vulnerabilities or security issues.
- As per the GDPR, in the event of a Security Incident, Salesmate will notify you as soon as possible and will provide reasonable assistance to mitigate or rectify data.
- We are getting DPAs signed with all our sub-processors, and we will keep you informed of any change in our list of sub-processors.
- Here is a complete list of our sub-processors.
Data Processing Agreements (DPA)
Our company isn’t in the EU, but we do have customers/prospects in the EU. Do I need to sign a DPA?
The data protection principles outlined in the GDPR are specific to the rights of EU citizens or people in the EU. If you have customers in the EU, you are likely processing data for EU citizens. There are restrictions against transferring and processing data outside of the EU. A Data Processing Agreement (DPA) is a lawful data transfer mechanism that allows you to transfer and process data outside of the EU. You should check with your legal counsel to determine if your company needs to sign a DPA with Salesmate.
If I’m in the UK (or otherwise outside of the EU), do I need to be concerned about GDPR?
Probably. Since the GDPR is concerned with the rights of individuals, it is hard to be sure that you will never process the data of an EU citizen due to the prevalence of international travel, remote work, etc. At Salesmate, we think of our entire customer base as having equal protections, regardless of citizenship.
Where is my data stored? Should I be concerned about the data of my customers in the EU being stored outside of the EU?
Salesmate production data is both processed and stored in Google Cloud Platform’s and Amazon’s (AWS) data centers. All data centers that process Salesmate data are located in the US. You can read more about Google’s Cloud security and Amazon’s Cloud security.
If you have customers in the EU or are located in the EU, you will need to sign a Data Processing Agreement (DPA) with Salesmate to allow for the transfer of data to these US data centers.
Complying with Data Subjects’ Rights with Salesmate
Do I need to obtain consent for email tracking?
European data protection authorities have expressed the opinion that email tracking requires that recipients have opted into the collection of tracking data. While not at the same level as the GDPR itself, such opinions are often taken into account when resolving disputes.
So if you are sending an email to a person residing in the EU, you might require consent to track those emails. Please check with your legal advisor for more details.
If you have email tracking enabled and a contact writes in asking for their data to be deleted, you’ll have the option to delete that tracking data to ensure compliance with the right to be forgotten. Right now, you can ask us to delete that tracking data. We are working on a feature that will allow administrator users to delete any tracking logs that have already been captured.
Can I use Data Enrichment with Salesmate?
Salesmate doesn’t store any contact information automatically. You are required to connect the Clearbit Integration for data enrichment. Therefore, in terms of the GDPR, Salesmate is the data processor and the user (that’s you) is the data controller responsible for how the data is used and stored. Please make sure you have obtained consent to collect and store your contacts’ information.
What can I provide an EU citizen if they request a copy of data being processed by Salesmate?
Salesmate has an export mechanism with which you can always export a contact’s information from Salesmate in the form of a CSV. It requires a few steps, but you can always export the data and share it with them if required.
When I cancel my account, is my data deleted right away?
If you are using the free trial and you request link cancellation, your data is deleted within 7 working days. If you are using the paid version and you request link cancellation, your data is maintained for the time you have already paid for.
If you wish for all of your data to be deleted at the time of account cancellation, please write to firstname.lastname@example.org and we can help to take care of your request.
Is it possible to delete any contact’s record from Salesmate?
You can delete any individual contact at their request. Salesmate will not track any further information about that contact. Please note that activities and deals related to a particular contact can involve multiple people, so those records are not auto-deleted, but you can still search for all records and do a bulk delete.
Please note that you can still recover deleted records within 30 days of deletion. If you need to delete them permanently, please visit the “Deleted Records” section within setup and delete all records from there.
Can I export my Data from Salesmate?
Salesmate has a built-in feature to export most of your data in the form of CSV with a few clicks. For notes and files, we have provided APIs which can be used to export data from Salesmate.
Commitment for GDPR
GDPR is much more than checking off a task from your list. It is an in-depth practice that needs to be carried out to maintain the privacy of your contacts’ data. Right now, there is no certification process by which you can assure that you are compliant. We will keep improving our system as the GDPR evolves in the coming days to make sure we serve our customers in the best way possible as they serve EU citizens.
All versions of the DPA are attached below this article and are time-stamped for reference.